Using the secret key corresponding to the originatorKey publicKey and
the recipient's public key, the algorithm VKO GOST R 34.10-94 or VKO
GOST R 34.10-2001 (described in [CPALGS]) is applied to produce the
KEK.

It should say:

Using the private key corresponding to the originatorKey publicKey and
the recipient's public key, the algorithm VKO GOST R 34.10-94 or VKO
GOST R 34.10-2001 (described in [CPALGS]) is applied to produce the
KEK.

Using the secret key corresponding to the GostR3410-
TransportParameters ephemeralPublicKey and the recipient's public
key, the algorithm VKO GOST R 34.10-94 or VKO GOST R 34.10-2001
(described in [CPALGS]) is applied to produce the KEK.

It should say:

Using the private key corresponding to the GostR3410-
TransportParameters ephemeralPublicKey and the recipient's public
key, the algorithm VKO GOST R 34.10-94 or VKO GOST R 34.10-2001
(described in [CPALGS]) is applied to produce the KEK.

When the Message Digest authenticated attribute is present, the
| DigestedData digest contains a 32-byte digest in little-endian
representation:

It should say:

When the Message Digest authenticated attribute is present, the
| DigestedData digest contains a 32-byte digest in big-endian
representation:

Notes:

Rationale:
- Contradiction to other parts of the document,
which use "big-endian" == 'network byte order'
as established in the Internet architecture.
- Please also note that the ASN.1 BER/DER encoding is
based on the 'natural' byte order for left-to-right
scripts -- otherwise the intrinsically variable-length
representation used would be very complicated to deal
with in processing.
- Intrduction of varying endian-ness is a likely source
of implementation issues and, consequentially,
interoperability problems.
--VERIFIER NOTES--
authors confirmed that the DigestedData digest is encoded in little-endian representation in all
known implementations.